Module Name:    src
Committed By:   tls
Date:           Thu Mar 28 18:06:49 UTC 2013

Modified Files:
        src/sys/kern: subr_cprng.c

Log Message:
Re-fix 'fix' for SA-2013-003. Because the original fix evaluated a flag
backwards, in low-entropy conditions there was a time interval in which
/dev/urandom could still output bits on an unacceptably short key. Output
from /dev/random was *NOT* impacted.

Eliminate the flag in question -- it's safest to always fill the requested
key buffer with output from the entropy-pool, even if we let the caller
know we couldn't provide bytes with the full entropy it requested.

Advisory will be updated soon with a full worst-case analysis of the
/dev/urandom output path in the presence of either variant of the
SA-2013-003 bug. Fortunately, because a large amount of other input is
mixed in before users can obtain any output, it doesn't look as dangerous
in practice as I'd feared it might be.

To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/kern/subr_cprng.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
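
Added example, not the NetBSD code and not part of the original commit mail: a simplified C model of the design point in the log message, contrasting a flag-gated key fill whose test is inverted with a fill that always writes the whole key and reports the entropy shortfall separately. The pool structure, the NEED_FULL flag, the xorshift mixer and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy pool: hypothetical model, not the NetBSD entropy pool. */
struct pool { uint32_t state; size_t entropy_bits; };
#define NEED_FULL 0x1 /* hypothetical flag: caller insists on full entropy */
static int last_full; /* set by demo(): did the pool cover the request? */

/* Stand-in mixer (xorshift32); a real pool uses a cryptographic extractor. */
static void pool_read(struct pool *p, uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        p->state ^= p->state << 13;
        p->state ^= p->state >> 17;
        p->state ^= p->state << 5;
        out[i] = (uint8_t)(p->state >> 24);
    }
}

/* Flawed shape: inverted flag test leaves the partial-entropy caller's key unfilled. */
size_t fill_key_flawed(struct pool *p, uint8_t *key, size_t len, int flags, int *full)
{
    *full = p->entropy_bits >= len * 8;
    if (!*full && !(flags & NEED_FULL)) /* backwards: meant (flags & NEED_FULL) */
        return 0;
    pool_read(p, key, len);
    return len;
}

/* Flag-free shape: always write len bytes of pool output, report shortfall. */
size_t fill_key_fixed(struct pool *p, uint8_t *key, size_t len, int *full)
{
    *full = p->entropy_bits >= len * 8;
    pool_read(p, key, len);
    return len;
}

/* Constructed scenario: 16-byte key from a pool credited with `bits` bits. */
size_t demo(int fixed, size_t bits)
{
    struct pool p = { 0x12345678u, bits };
    uint8_t key[16] = { 0 };
    return fixed ? fill_key_fixed(&p, key, sizeof key, &last_full)
                 : fill_key_flawed(&p, key, sizeof key, 0, &last_full);
}

int main(void)
{
    return !(demo(0, 16) == 0 && demo(1, 16) == 16); /* exit 0 when both hold */
}
```

The return value is the number of key bytes written from the pool, so a return of 0 under low entropy is the condition in which a generator would keep running on whatever key material it already had.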